[7.x] Allow kbn-config-schema to ignore unknown keys (#59560) (#60407)

* allow kbn-config-schema to ignore unknown keys * Consolidate unknown key configuration * updates following merge Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-23 17:28:26 -04:00 · 2020-03-17 14:23:25 -04:00 · 2020-03-17 14:23:25 -04:00 · 489d112f77
commit 489d112f77
parent df8e754f93
52 changed files with 130 additions and 94 deletions
--- a/packages/kbn-config-schema/README.md
+++ b/packages/kbn-config-schema/README.md
@ -239,7 +239,7 @@ __Output type:__ `{ [K in keyof TProps]: TypeOf<TProps[K]> } as TObject`
 __Options:__
  * `defaultValue: TObject | Reference<TObject> | (() => TObject)` - defines a default value, see [Default values](#default-values) section for more details.
  * `validate: (value: TObject) => string | void` - defines a custom validator function, see [Custom validation](#custom-validation) section for more details.
-  * `allowUnknowns: boolean` - indicates whether unknown object properties should be allowed. It's `false` by default.
+  * `unknowns: 'allow' | 'ignore' | 'forbid'` - indicates whether unknown object properties should be allowed, ignored, or forbidden. It's `forbid` by default.

 __Usage:__
 ```typescript
@ -250,7 +250,7 @@ const valueSchema = schema.object({
 ```

 __Notes:__
-* Using `allowUnknowns` is discouraged and should only be used in exceptional circumstances. Consider using `schema.recordOf()` instead.
+* Using `unknowns: 'allow'` is discouraged and should only be used in exceptional circumstances. Consider using `schema.recordOf()` instead.
 * Currently `schema.object()` always has a default value of `{}`, but this may change in the near future. Try to not rely on this behaviour and specify default value explicitly or use `schema.maybe()` if the value is optional.
 * `schema.object()` also supports a json string as input if it can be safely parsed using `JSON.parse` and if the resulting value is a plain object.

--- a/packages/kbn-config-schema/src/types/object_type.test.ts
+++ b/packages/kbn-config-schema/src/types/object_type.test.ts
@ -276,10 +276,10 @@ test('individual keys can validated', () => {
  );
 });

-test('allow unknown keys when allowUnknowns = true', () => {
+test('allow unknown keys when unknowns = `allow`', () => {
  const type = schema.object(
    { foo: schema.string({ defaultValue: 'test' }) },
-    { allowUnknowns: true }
+    { unknowns: 'allow' }
  );

  expect(
@ -292,10 +292,10 @@ test('allow unknown keys when allowUnknowns = true', () => {
  });
 });

-test('allowUnknowns = true affects only own keys', () => {
+test('unknowns = `allow` affects only own keys', () => {
  const type = schema.object(
    { foo: schema.object({ bar: schema.string() }) },
-    { allowUnknowns: true }
+    { unknowns: 'allow' }
  );

  expect(() =>
@ -308,10 +308,10 @@ test('allowUnknowns = true affects only own keys', () => {
  ).toThrowErrorMatchingInlineSnapshot(`"[foo.baz]: definition for this key is missing"`);
 });

-test('does not allow unknown keys when allowUnknowns = false', () => {
+test('does not allow unknown keys when unknowns = `forbid`', () => {
  const type = schema.object(
    { foo: schema.string({ defaultValue: 'test' }) },
-    { allowUnknowns: false }
+    { unknowns: 'forbid' }
  );
  expect(() =>
    type.validate({
@ -319,3 +319,34 @@ test('does not allow unknown keys when allowUnknowns = false', () => {
    })
  ).toThrowErrorMatchingInlineSnapshot(`"[bar]: definition for this key is missing"`);
 });
+
+test('allow and remove unknown keys when unknowns = `ignore`', () => {
+  const type = schema.object(
+    { foo: schema.string({ defaultValue: 'test' }) },
+    { unknowns: 'ignore' }
+  );
+
+  expect(
+    type.validate({
+      bar: 'baz',
+    })
+  ).toEqual({
+    foo: 'test',
+  });
+});
+
+test('unknowns = `ignore` affects only own keys', () => {
+  const type = schema.object(
+    { foo: schema.object({ bar: schema.string() }) },
+    { unknowns: 'ignore' }
+  );
+
+  expect(() =>
+    type.validate({
+      foo: {
+        bar: 'bar',
+        baz: 'baz',
+      },
+    })
+  ).toThrowErrorMatchingInlineSnapshot(`"[foo.baz]: definition for this key is missing"`);
+});
--- a/packages/kbn-config-schema/src/types/object_type.ts
+++ b/packages/kbn-config-schema/src/types/object_type.ts
@ -30,17 +30,25 @@ export type TypeOf<RT extends Type<any>> = RT['type'];
 // this might not have perfect _rendering_ output, but it will be typed.
 export type ObjectResultType<P extends Props> = Readonly<{ [K in keyof P]: TypeOf<P[K]> }>;

+interface UnknownOptions {
+  /**
+   * Options for dealing with unknown keys:
+   * - allow: unknown keys will be permitted
+   * - ignore: unknown keys will not fail validation, but will be stripped out
+   * - forbid (default): unknown keys will fail validation
+   */
+  unknowns?: 'allow' | 'ignore' | 'forbid';
+}
+
 export type ObjectTypeOptions<P extends Props = any> = TypeOptions<
  { [K in keyof P]: TypeOf<P[K]> }
-> & {
-  /** Should uknown keys not be defined in the schema be allowed. Defaults to `false` */
-  allowUnknowns?: boolean;
-};
+> &
+  UnknownOptions;

 export class ObjectType<P extends Props = any> extends Type<ObjectResultType<P>> {
  private props: Record<string, AnySchema>;

-  constructor(props: P, { allowUnknowns = false, ...typeOptions }: ObjectTypeOptions<P> = {}) {
+  constructor(props: P, { unknowns = 'forbid', ...typeOptions }: ObjectTypeOptions<P> = {}) {
    const schemaKeys = {} as Record<string, AnySchema>;
    for (const [key, value] of Object.entries(props)) {
      schemaKeys[key] = value.getSchema();
@ -50,7 +58,8 @@ export class ObjectType<P extends Props = any> extends Type<ObjectResultType<P>>
      .keys(schemaKeys)
      .default()
      .optional()
-      .unknown(Boolean(allowUnknowns));
+      .unknown(unknowns === 'allow')
+      .options({ stripUnknown: { objects: unknowns === 'ignore' } });

    super(schema, typeOptions);
    this.props = schemaKeys;
--- a/src/core/server/http/router/route.ts
+++ b/src/core/server/http/router/route.ts
@ -179,7 +179,7 @@ export interface RouteConfig<P, Q, B, Method extends RouteMethod> {
   * access to raw values.
   * In some cases you may want to use another validation library. To do this, you need to
   * instruct the `@kbn/config-schema` library to output **non-validated values** with
-   * setting schema as `schema.object({}, { allowUnknowns: true })`;
+   * setting schema as `schema.object({}, { unknowns: 'allow' })`;
   *
   * @example
   * ```ts
@ -212,7 +212,7 @@ export interface RouteConfig<P, Q, B, Method extends RouteMethod> {
   *   path: 'path/{id}',
   *   validate: {
   *     // handler has access to raw non-validated params in runtime
-   *     params: schema.object({}, { allowUnknowns: true })
+   *     params: schema.object({}, { unknowns: 'allow' })
   *   },
   * },
   * (context, req, res,) {
--- a/src/core/server/http/router/router.test.ts
+++ b/src/core/server/http/router/router.test.ts
@ -59,7 +59,7 @@ describe('Router', () => {
          {
            path: '/',
            options: { body: { output: 'file' } } as any, // We explicitly don't support 'file'
-            validate: { body: schema.object({}, { allowUnknowns: true }) },
+            validate: { body: schema.object({}, { unknowns: 'allow' }) },
          },
          (context, req, res) => res.ok({})
        )
--- a/src/core/server/ui_settings/routes/set_many.ts
+++ b/src/core/server/ui_settings/routes/set_many.ts
@ -24,7 +24,7 @@ import { CannotOverrideError } from '../ui_settings_errors';

 const validate = {
  body: schema.object({
-    changes: schema.object({}, { allowUnknowns: true }),
+    changes: schema.object({}, { unknowns: 'allow' }),
  }),
 };

--- a/src/core/server/ui_settings/ui_settings_config.ts
+++ b/src/core/server/ui_settings/ui_settings_config.ts
@ -39,7 +39,7 @@ const configSchema = schema.object({
        })
      ),
    },
-    { allowUnknowns: true }
+    { unknowns: 'allow' }
  ),
 });

--- a/src/plugins/data/server/autocomplete/value_suggestions_route.ts
+++ b/src/plugins/data/server/autocomplete/value_suggestions_route.ts
@ -39,7 +39,7 @@ export function registerValueSuggestionsRoute(
          {
            index: schema.string(),
          },
-          { allowUnknowns: false }
+          { unknowns: 'allow' }
        ),
        body: schema.object(
          {
@ -47,7 +47,7 @@ export function registerValueSuggestionsRoute(
            query: schema.string(),
            boolFilter: schema.maybe(schema.any()),
          },
-          { allowUnknowns: false }
+          { unknowns: 'allow' }
        ),
      },
    },
--- a/src/plugins/data/server/search/routes.ts
+++ b/src/plugins/data/server/search/routes.ts
@ -28,9 +28,9 @@ export function registerSearchRoute(router: IRouter): void {
      validate: {
        params: schema.object({ strategy: schema.string() }),

-        query: schema.object({}, { allowUnknowns: true }),
+        query: schema.object({}, { unknowns: 'allow' }),

-        body: schema.object({}, { allowUnknowns: true }),
+        body: schema.object({}, { unknowns: 'allow' }),
      },
    },
    async (context, request, res) => {
@ -64,7 +64,7 @@ export function registerSearchRoute(router: IRouter): void {
          id: schema.string(),
        }),

-        query: schema.object({}, { allowUnknowns: true }),
+        query: schema.object({}, { unknowns: 'allow' }),
      },
    },
    async (context, request, res) => {
--- a/src/plugins/timelion/config.ts
+++ b/src/plugins/timelion/config.ts
@ -25,7 +25,7 @@ export const configSchema = schema.object(
    graphiteUrls: schema.maybe(schema.arrayOf(schema.string())),
  },
  // This option should be removed as soon as we entirely migrate config from legacy Timelion plugin.
-  { allowUnknowns: true }
+  { unknowns: 'allow' }
 );

 export type ConfigSchema = TypeOf<typeof configSchema>;
--- a/src/plugins/timelion/server/routes/run.ts
+++ b/src/plugins/timelion/server/routes/run.ts
@ -78,15 +78,11 @@ export function runRoute(
              es: schema.object({
                filter: schema.object({
                  bool: schema.object({
-                    filter: schema.maybe(
-                      schema.arrayOf(schema.object({}, { allowUnknowns: true }))
-                    ),
-                    must: schema.maybe(schema.arrayOf(schema.object({}, { allowUnknowns: true }))),
-                    should: schema.maybe(
-                      schema.arrayOf(schema.object({}, { allowUnknowns: true }))
-                    ),
+                    filter: schema.maybe(schema.arrayOf(schema.object({}, { unknowns: 'allow' }))),
+                    must: schema.maybe(schema.arrayOf(schema.object({}, { unknowns: 'allow' }))),
+                    should: schema.maybe(schema.arrayOf(schema.object({}, { unknowns: 'allow' }))),
                    must_not: schema.maybe(
-                      schema.arrayOf(schema.object({}, { allowUnknowns: true }))
+                      schema.arrayOf(schema.object({}, { unknowns: 'allow' }))
                    ),
                  }),
                }),
--- a/src/plugins/vis_type_timeseries/server/routes/vis.ts
+++ b/src/plugins/vis_type_timeseries/server/routes/vis.ts
@ -23,7 +23,7 @@ import { getVisData, GetVisDataOptions } from '../lib/get_vis_data';
 import { visPayloadSchema } from './post_vis_schema';
 import { Framework, ValidationTelemetryServiceSetup } from '../index';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const visDataRoutes = (
  router: IRouter,
--- a/test/plugin_functional/plugins/rendering_plugin/server/plugin.ts
+++ b/test/plugin_functional/plugins/rendering_plugin/server/plugin.ts
@ -33,7 +33,7 @@ export class RenderingPlugin implements Plugin {
            {
              includeUserSettings: schema.boolean({ defaultValue: true }),
            },
-            { allowUnknowns: true }
+            { unknowns: 'allow' }
          ),
          params: schema.object({
            id: schema.maybe(schema.string()),
--- a/x-pack/legacy/plugins/license_management/server/np_ready/routes/api/license/register_license_route.ts
+++ b/x-pack/legacy/plugins/license_management/server/np_ready/routes/api/license/register_license_route.ts
@ -15,7 +15,7 @@ export function registerLicenseRoute(server: Server, legacy: Legacy, xpackInfo:
      validate: {
        query: schema.object({ acknowledge: schema.string() }),
        body: schema.object({
-          license: schema.object({}, { allowUnknowns: true }),
+          license: schema.object({}, { unknowns: 'allow' }),
        }),
      },
    },
--- a/x-pack/legacy/plugins/rollup/server/routes/api/jobs.ts
+++ b/x-pack/legacy/plugins/rollup/server/routes/api/jobs.ts
@ -137,7 +137,7 @@ export function registerJobsRoute(deps: RouteDependencies, legacy: ServerShim) {
            {
              id: schema.string(),
            },
-            { allowUnknowns: true }
+            { unknowns: 'allow' }
          ),
        }),
      },
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/signals/signal_params_schema.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/signals/signal_params_schema.ts
@ -26,13 +26,13 @@ export const signalParamsSchema = () =>
    savedId: schema.nullable(schema.string()),
    timelineId: schema.nullable(schema.string()),
    timelineTitle: schema.nullable(schema.string()),
-    meta: schema.nullable(schema.object({}, { allowUnknowns: true })),
+    meta: schema.nullable(schema.object({}, { unknowns: 'allow' })),
    query: schema.nullable(schema.string()),
-    filters: schema.nullable(schema.arrayOf(schema.object({}, { allowUnknowns: true }))),
+    filters: schema.nullable(schema.arrayOf(schema.object({}, { unknowns: 'allow' }))),
    maxSignals: schema.number({ defaultValue: DEFAULT_MAX_SIGNALS }),
    riskScore: schema.number(),
    severity: schema.string(),
-    threat: schema.nullable(schema.arrayOf(schema.object({}, { allowUnknowns: true }))),
+    threat: schema.nullable(schema.arrayOf(schema.object({}, { unknowns: 'allow' }))),
    to: schema.string(),
    type: schema.string(),
    references: schema.arrayOf(schema.string(), { defaultValue: [] }),
--- a/x-pack/legacy/plugins/siem/server/lib/framework/kibana_framework_adapter.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/framework/kibana_framework_adapter.ts
@ -61,7 +61,7 @@ export class KibanaBackendFrameworkAdapter implements FrameworkAdapter {
    this.router.post(
      {
        path: routePath,
-        validate: { body: configSchema.object({}, { allowUnknowns: true }) },
+        validate: { body: configSchema.object({}, { unknowns: 'allow' }) },
        options: {
          tags: ['access:siem'],
        },
--- a/x-pack/plugins/apm/server/routes/create_api/index.ts
+++ b/x-pack/plugins/apm/server/routes/create_api/index.ts
@ -71,7 +71,7 @@ export function createApi() {
          body: bodyRt || t.null
        };

-        const anyObject = schema.object({}, { allowUnknowns: true });
+        const anyObject = schema.object({}, { unknowns: 'allow' });

        (router[routerMethod] as RouteRegistrar<typeof routerMethod>)(
          {
--- a/x-pack/plugins/canvas/server/routes/workpad/update.ts
+++ b/x-pack/plugins/canvas/server/routes/workpad/update.ts
@ -120,7 +120,7 @@ export function initializeUpdateWorkpadAssetsRoute(deps: RouteInitializerDeps) {
        // ToDo: Currently the validation must be a schema.object
        // Because we don't know what keys the assets will have, we have to allow
        // unknowns and then validate in the handler
-        body: schema.object({}, { allowUnknowns: true }),
+        body: schema.object({}, { unknowns: 'allow' }),
      },
      options: {
        body: {
--- a/x-pack/plugins/case/server/routes/api/utils.ts
+++ b/x-pack/plugins/case/server/routes/api/utils.ts
@ -141,4 +141,4 @@ export const sortToSnake = (sortField: string): SortFieldCase => {
  }
 };

-export const escapeHatch = schema.object({}, { allowUnknowns: true });
+export const escapeHatch = schema.object({}, { unknowns: 'allow' });
--- a/x-pack/plugins/file_upload/server/routes/file_upload.js
+++ b/x-pack/plugins/file_upload/server/routes/file_upload.js
@ -28,12 +28,12 @@ export const bodySchema = schema.object(
        {},
        {
          defaultValue: {},
-          allowUnknowns: true,
+          unknowns: 'allow',
        }
      )
    ),
  },
-  { allowUnknowns: true }
+  { unknowns: 'allow' }
 );

 const options = {
@ -48,7 +48,7 @@ export const idConditionalValidation = (body, boolHasId) =>
    .object(
      {
        data: boolHasId
-          ? schema.arrayOf(schema.object({}, { allowUnknowns: true }), { minSize: 1 })
+          ? schema.arrayOf(schema.object({}, { unknowns: 'allow' }), { minSize: 1 })
          : schema.any(),
        settings: boolHasId
          ? schema.any()
@ -58,7 +58,7 @@ export const idConditionalValidation = (body, boolHasId) =>
                defaultValue: {
                  number_of_shards: 1,
                },
-                allowUnknowns: true,
+                unknowns: 'allow',
              }
            ),
        mappings: boolHasId
@ -67,11 +67,11 @@ export const idConditionalValidation = (body, boolHasId) =>
              {},
              {
                defaultValue: {},
-                allowUnknowns: true,
+                unknowns: 'allow',
              }
            ),
      },
-      { allowUnknowns: true }
+      { unknowns: 'allow' }
    )
    .validate(body);

--- a/x-pack/plugins/graph/server/routes/explore.ts
+++ b/x-pack/plugins/graph/server/routes/explore.ts
@ -23,7 +23,7 @@ export function registerExploreRoute({
      validate: {
        body: schema.object({
          index: schema.string(),
-          query: schema.object({}, { allowUnknowns: true }),
+          query: schema.object({}, { unknowns: 'allow' }),
        }),
      },
    },
--- a/x-pack/plugins/graph/server/routes/search.ts
+++ b/x-pack/plugins/graph/server/routes/search.ts
@ -21,7 +21,7 @@ export function registerSearchRoute({
      validate: {
        body: schema.object({
          index: schema.string(),
-          body: schema.object({}, { allowUnknowns: true }),
+          body: schema.object({}, { unknowns: 'allow' }),
        }),
      },
    },
--- a/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts
+++ b/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts
@ -11,9 +11,9 @@ export const templateSchema = schema.object({
  indexPatterns: schema.arrayOf(schema.string()),
  version: schema.maybe(schema.number()),
  order: schema.maybe(schema.number()),
-  settings: schema.maybe(schema.object({}, { allowUnknowns: true })),
-  aliases: schema.maybe(schema.object({}, { allowUnknowns: true })),
-  mappings: schema.maybe(schema.object({}, { allowUnknowns: true })),
+  settings: schema.maybe(schema.object({}, { unknowns: 'allow' })),
+  aliases: schema.maybe(schema.object({}, { unknowns: 'allow' })),
+  mappings: schema.maybe(schema.object({}, { unknowns: 'allow' })),
  ilmPolicy: schema.maybe(
    schema.object({
      name: schema.maybe(schema.string()),
--- a/x-pack/plugins/infra/server/lib/adapters/framework/kibana_framework_adapter.ts
+++ b/x-pack/plugins/infra/server/lib/adapters/framework/kibana_framework_adapter.ts
@ -76,7 +76,7 @@ export class KibanaFramework {

  public registerGraphQLEndpoint(routePath: string, gqlSchema: GraphQLSchema) {
    // These endpoints are validated by GraphQL at runtime and with GraphQL generated types
-    const body = schema.object({}, { allowUnknowns: true });
+    const body = schema.object({}, { unknowns: 'allow' });
    type Body = TypeOf<typeof body>;

    const routeOptions = {
--- a/x-pack/plugins/infra/server/routes/inventory_metadata/index.ts
+++ b/x-pack/plugins/infra/server/routes/inventory_metadata/index.ts
@ -18,7 +18,7 @@ import {
 } from '../../../common/http_api/inventory_meta_api';
 import { getCloudMetadata } from './lib/get_cloud_metadata';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initInventoryMetaRoute = (libs: InfraBackendLibs) => {
  const { framework } = libs;
--- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_categories.ts
+++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_categories.ts
@ -19,7 +19,7 @@ import {
 import { throwErrors } from '../../../../common/runtime_types';
 import { NoLogAnalysisResultsIndexError } from '../../../lib/log_analysis';

-const anyObject = schema.object({}, { allowUnknowns: true });
+const anyObject = schema.object({}, { unknowns: 'allow' });

 export const initGetLogEntryCategoriesRoute = ({
  framework,
--- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts
+++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts
@ -19,7 +19,7 @@ import { throwErrors } from '../../../../common/runtime_types';
 import { InfraBackendLibs } from '../../../lib/infra_types';
 import { NoLogAnalysisResultsIndexError } from '../../../lib/log_analysis';

-const anyObject = schema.object({}, { allowUnknowns: true });
+const anyObject = schema.object({}, { unknowns: 'allow' });

 export const initGetLogEntryCategoryDatasetsRoute = ({
  framework,
--- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts
+++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts
@ -19,7 +19,7 @@ import { throwErrors } from '../../../../common/runtime_types';
 import { InfraBackendLibs } from '../../../lib/infra_types';
 import { NoLogAnalysisResultsIndexError } from '../../../lib/log_analysis';

-const anyObject = schema.object({}, { allowUnknowns: true });
+const anyObject = schema.object({}, { unknowns: 'allow' });

 export const initGetLogEntryCategoryExamplesRoute = ({
  framework,
--- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_rate.ts
+++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_rate.ts
@ -20,7 +20,7 @@ import {
 import { throwErrors } from '../../../../common/runtime_types';
 import { NoLogAnalysisResultsIndexError } from '../../../lib/log_analysis';

-const anyObject = schema.object({}, { allowUnknowns: true });
+const anyObject = schema.object({}, { unknowns: 'allow' });

 export const initGetLogEntryRateRoute = ({ framework, logEntryRateAnalysis }: InfraBackendLibs) => {
  framework.registerRoute(
--- a/x-pack/plugins/infra/server/routes/log_analysis/validation/indices.ts
+++ b/x-pack/plugins/infra/server/routes/log_analysis/validation/indices.ts
@ -19,7 +19,7 @@ import {

 import { throwErrors } from '../../../../common/runtime_types';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initValidateLogAnalysisIndicesRoute = ({ framework }: InfraBackendLibs) => {
  framework.registerRoute(
--- a/x-pack/plugins/infra/server/routes/log_entries/entries.ts
+++ b/x-pack/plugins/infra/server/routes/log_entries/entries.ts
@ -22,7 +22,7 @@ import {
 import { parseFilterQuery } from '../../utils/serialized_query';
 import { LogEntriesParams } from '../../lib/domains/log_entries_domain';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initLogEntriesRoute = ({ framework, logEntries }: InfraBackendLibs) => {
  framework.registerRoute(
--- a/x-pack/plugins/infra/server/routes/log_entries/highlights.ts
+++ b/x-pack/plugins/infra/server/routes/log_entries/highlights.ts
@ -22,7 +22,7 @@ import {
 import { parseFilterQuery } from '../../utils/serialized_query';
 import { LogEntriesParams } from '../../lib/domains/log_entries_domain';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initLogEntriesHighlightsRoute = ({ framework, logEntries }: InfraBackendLibs) => {
  framework.registerRoute(
--- a/x-pack/plugins/infra/server/routes/log_entries/item.ts
+++ b/x-pack/plugins/infra/server/routes/log_entries/item.ts
@ -20,7 +20,7 @@ import {
  logEntriesItemResponseRT,
 } from '../../../common/http_api';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initLogEntriesItemRoute = ({ framework, sources, logEntries }: InfraBackendLibs) => {
  framework.registerRoute(
--- a/x-pack/plugins/infra/server/routes/log_entries/summary.ts
+++ b/x-pack/plugins/infra/server/routes/log_entries/summary.ts
@ -21,7 +21,7 @@ import {
 } from '../../../common/http_api/log_entries';
 import { parseFilterQuery } from '../../utils/serialized_query';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initLogEntriesSummaryRoute = ({ framework, logEntries }: InfraBackendLibs) => {
  framework.registerRoute(
--- a/x-pack/plugins/infra/server/routes/log_entries/summary_highlights.ts
+++ b/x-pack/plugins/infra/server/routes/log_entries/summary_highlights.ts
@ -21,7 +21,7 @@ import {
 } from '../../../common/http_api/log_entries';
 import { parseFilterQuery } from '../../utils/serialized_query';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initLogEntriesSummaryHighlightsRoute = ({
  framework,
--- a/x-pack/plugins/infra/server/routes/metadata/index.ts
+++ b/x-pack/plugins/infra/server/routes/metadata/index.ts
@ -23,7 +23,7 @@ import { getCloudMetricsMetadata } from './lib/get_cloud_metric_metadata';
 import { getNodeInfo } from './lib/get_node_info';
 import { throwErrors } from '../../../common/runtime_types';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initMetadataRoute = (libs: InfraBackendLibs) => {
  const { framework } = libs;
--- a/x-pack/plugins/infra/server/routes/metrics_explorer/index.ts
+++ b/x-pack/plugins/infra/server/routes/metrics_explorer/index.ts
@ -15,7 +15,7 @@ import { populateSeriesWithTSVBData } from './lib/populate_series_with_tsvb_data
 import { metricsExplorerRequestBodyRT, metricsExplorerResponseRT } from '../../../common/http_api';
 import { throwErrors } from '../../../common/runtime_types';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initMetricExplorerRoute = (libs: InfraBackendLibs) => {
  const { framework } = libs;
--- a/x-pack/plugins/infra/server/routes/node_details/index.ts
+++ b/x-pack/plugins/infra/server/routes/node_details/index.ts
@ -18,7 +18,7 @@ import {
 } from '../../../common/http_api/node_details_api';
 import { throwErrors } from '../../../common/runtime_types';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initNodeDetailsRoute = (libs: InfraBackendLibs) => {
  const { framework } = libs;
--- a/x-pack/plugins/infra/server/routes/snapshot/index.ts
+++ b/x-pack/plugins/infra/server/routes/snapshot/index.ts
@ -14,7 +14,7 @@ import { parseFilterQuery } from '../../utils/serialized_query';
 import { SnapshotRequestRT, SnapshotNodeResponseRT } from '../../../common/http_api/snapshot_api';
 import { throwErrors } from '../../../common/runtime_types';

-const escapeHatch = schema.object({}, { allowUnknowns: true });
+const escapeHatch = schema.object({}, { unknowns: 'allow' });

 export const initSnapshotRoute = (libs: InfraBackendLibs) => {
  const { framework } = libs;
--- a/x-pack/plugins/lens/server/routes/existing_fields.ts
+++ b/x-pack/plugins/lens/server/routes/existing_fields.ts
@ -55,7 +55,7 @@ export async function existingFieldsRoute(setup: CoreSetup) {
          indexPatternId: schema.string(),
        }),
        body: schema.object({
-          dslQuery: schema.object({}, { allowUnknowns: true }),
+          dslQuery: schema.object({}, { unknowns: 'allow' }),
          fromDate: schema.maybe(schema.string()),
          toDate: schema.maybe(schema.string()),
          timeFieldName: schema.maybe(schema.string()),
--- a/x-pack/plugins/lens/server/routes/field_stats.ts
+++ b/x-pack/plugins/lens/server/routes/field_stats.ts
@ -24,7 +24,7 @@ export async function initFieldsRoute(setup: CoreSetup) {
        }),
        body: schema.object(
          {
-            dslQuery: schema.object({}, { allowUnknowns: true }),
+            dslQuery: schema.object({}, { unknowns: 'allow' }),
            fromDate: schema.string(),
            toDate: schema.string(),
            timeFieldName: schema.maybe(schema.string()),
@ -34,10 +34,10 @@ export async function initFieldsRoute(setup: CoreSetup) {
                type: schema.string(),
                esTypes: schema.maybe(schema.arrayOf(schema.string())),
              },
-              { allowUnknowns: true }
+              { unknowns: 'allow' }
            ),
          },
-          { allowUnknowns: true }
+          { unknowns: 'allow' }
        ),
      },
    },
--- a/x-pack/plugins/searchprofiler/server/routes/profile.ts
+++ b/x-pack/plugins/searchprofiler/server/routes/profile.ts
@ -12,7 +12,7 @@ export const register = ({ router, getLicenseStatus, log }: RouteDependencies) =
      path: '/api/searchprofiler/profile',
      validate: {
        body: schema.object({
-          query: schema.object({}, { allowUnknowns: true }),
+          query: schema.object({}, { unknowns: 'allow' }),
          index: schema.string(),
        }),
      },
--- a/x-pack/plugins/security/server/routes/authentication/common.ts
+++ b/x-pack/plugins/security/server/routes/authentication/common.ts
@ -21,7 +21,7 @@ export function defineCommonRoutes({ router, authc, basePath, logger }: RouteDef
        path,
        // Allow unknown query parameters as this endpoint can be hit by the 3rd-party with any
        // set of query string parameters (e.g. SAML/OIDC logout request parameters).
-        validate: { query: schema.object({}, { allowUnknowns: true }) },
+        validate: { query: schema.object({}, { unknowns: 'allow' }) },
        options: { authRequired: false },
      },
      async (context, request, response) => {
--- a/x-pack/plugins/security/server/routes/authentication/oidc.ts
+++ b/x-pack/plugins/security/server/routes/authentication/oidc.ts
@ -103,7 +103,7 @@ export function defineOIDCRoutes({ router, logger, authc, csp, basePath }: Route
            // The client MUST ignore unrecognized response parameters according to
            // https://openid.net/specs/openid-connect-core-1_0.html#AuthResponseValidation and
            // https://tools.ietf.org/html/rfc6749#section-4.1.2.
-            { allowUnknowns: true }
+            { unknowns: 'allow' }
          ),
        },
        options: { authRequired: false },
@ -178,7 +178,7 @@ export function defineOIDCRoutes({ router, logger, authc, csp, basePath }: Route
            },
            // Other parameters MAY be sent, if defined by extensions. Any parameters used that are not understood MUST
            // be ignored by the Client according to https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin.
-            { allowUnknowns: true }
+            { unknowns: 'allow' }
          ),
        },
        options: { authRequired: false },
@ -217,7 +217,7 @@ export function defineOIDCRoutes({ router, logger, authc, csp, basePath }: Route
          },
          // Other parameters MAY be sent, if defined by extensions. Any parameters used that are not understood MUST
          // be ignored by the Client according to https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin.
-          { allowUnknowns: true }
+          { unknowns: 'allow' }
        ),
      },
      options: { authRequired: false },
--- a/x-pack/plugins/security/server/routes/role_mapping/post.ts
+++ b/x-pack/plugins/security/server/routes/role_mapping/post.ts
@ -36,8 +36,8 @@ export function defineRoleMappingPostRoutes(params: RouteDefinitionParams) {
          // and keeping this in sync (and testable!) with ES could prove problematic.
          // We do not interpret any of these rules within this route handler;
          // they are simply passed to ES for processing.
-          rules: schema.object({}, { allowUnknowns: true }),
-          metadata: schema.object({}, { allowUnknowns: true }),
+          rules: schema.object({}, { unknowns: 'allow' }),
+          metadata: schema.object({}, { unknowns: 'allow' }),
        }),
      },
    },
--- a/x-pack/plugins/security/server/routes/views/login.ts
+++ b/x-pack/plugins/security/server/routes/views/login.ts
@ -28,7 +28,7 @@ export function defineLoginRoutes({
            next: schema.maybe(schema.string()),
            msg: schema.maybe(schema.string()),
          },
-          { allowUnknowns: true }
+          { unknowns: 'allow' }
        ),
      },
      options: { authRequired: false },
--- a/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts
+++ b/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts
@ -37,9 +37,9 @@ export const policySchema = schema.object({
  config: schema.maybe(snapshotConfigSchema),
  retention: schema.maybe(snapshotRetentionSchema),
  isManagedPolicy: schema.boolean(),
-  stats: schema.maybe(schema.object({}, { allowUnknowns: true })),
-  lastFailure: schema.maybe(schema.object({}, { allowUnknowns: true })),
-  lastSuccess: schema.maybe(schema.object({}, { allowUnknowns: true })),
+  stats: schema.maybe(schema.object({}, { unknowns: 'allow' })),
+  lastFailure: schema.maybe(schema.object({}, { unknowns: 'allow' })),
+  lastSuccess: schema.maybe(schema.object({}, { unknowns: 'allow' })),
 });

 const fsRepositorySettings = schema.object({
@ -100,7 +100,7 @@ const hdsRepositorySettings = schema.object(
    readonly: schema.maybe(schema.boolean()),
    ['security.principal']: schema.maybe(schema.string()),
  },
-  { allowUnknowns: true }
+  { unknowns: 'allow' }
 );

 const hdsfRepository = schema.object({
@ -158,7 +158,7 @@ const sourceRepository = schema.object({
      {
        delegateType: schema.string(),
      },
-      { allowUnknowns: true }
+      { unknowns: 'allow' }
    ),
  ]),
 });
--- a/x-pack/plugins/watcher/server/routes/api/indices/register_get_route.ts
+++ b/x-pack/plugins/watcher/server/routes/api/indices/register_get_route.ts
@ -11,7 +11,7 @@ import { isEsError } from '../../../lib/is_es_error';
 import { RouteDependencies } from '../../../types';
 import { licensePreRoutingFactory } from '../../../lib/license_pre_routing_factory';

-const bodySchema = schema.object({ pattern: schema.string() }, { allowUnknowns: true });
+const bodySchema = schema.object({ pattern: schema.string() }, { unknowns: 'allow' });

 function getIndexNamesFromAliasesResponse(json: Record<string, any>) {
  return reduce(
--- a/x-pack/plugins/watcher/server/routes/api/watch/register_execute_route.ts
+++ b/x-pack/plugins/watcher/server/routes/api/watch/register_execute_route.ts
@ -19,8 +19,8 @@ import { Watch } from '../../../models/watch/index';
 import { WatchHistoryItem } from '../../../models/watch_history_item/index';

 const bodySchema = schema.object({
-  executeDetails: schema.object({}, { allowUnknowns: true }),
-  watch: schema.object({}, { allowUnknowns: true }),
+  executeDetails: schema.object({}, { unknowns: 'allow' }),
+  watch: schema.object({}, { unknowns: 'allow' }),
 });

 function executeWatch(dataClient: IScopedClusterClient, executeDetails: any, watchJson: any) {
--- a/x-pack/plugins/watcher/server/routes/api/watch/register_save_route.ts
+++ b/x-pack/plugins/watcher/server/routes/api/watch/register_save_route.ts
@ -22,7 +22,7 @@ const bodySchema = schema.object(
    type: schema.string(),
    isNew: schema.boolean(),
  },
-  { allowUnknowns: true }
+  { unknowns: 'allow' }
 );

 function fetchWatch(dataClient: IScopedClusterClient, watchId: string) {
--- a/x-pack/plugins/watcher/server/routes/api/watch/register_visualize_route.ts
+++ b/x-pack/plugins/watcher/server/routes/api/watch/register_visualize_route.ts
@ -16,8 +16,8 @@ import { Watch } from '../../../models/watch/index';
 import { VisualizeOptions } from '../../../models/visualize_options/index';

 const bodySchema = schema.object({
-  watch: schema.object({}, { allowUnknowns: true }),
-  options: schema.object({}, { allowUnknowns: true }),
+  watch: schema.object({}, { unknowns: 'allow' }),
+  options: schema.object({}, { unknowns: 'allow' }),
 });

 function fetchVisualizeData(dataClient: IScopedClusterClient, index: any, body: any) {